Patty Ryan, Sr. Director, Chief Information Security Officer, QuidelOrtho
QuidelOrtho Corporation (Nasdaq: QDEL) is a world leader in in vitro diagnostics, developing and manufacturing intelligent solutions that transform data into understanding and action for more people in more places every day.
Offering industry-leading expertise in immunoassay and molecular testing, clinical chemistry and transfusion medicine, bringing fast, accurate and reliable diagnostics when and where they are needed – from home to hospital, lab to clinic. So that patients, clinicians and health officials can spot trends sooner, respond quicker and chart the course ahead with accuracy and confidence.
Building upon its many years of groundbreaking innovation, QuidelOrtho continues to partner with customers across the healthcare continuum and around the globe to forge a new diagnostic frontier. One where insights and solutions know no bounds, expertise seamlessly connects and a more informed path is illuminated for each of us.
QuidelOrtho is advancing diagnostics to power a healthier future.
In what ways are new Information Security measures anticipated to impact and address the challenges faced in satisfying business requirements?
Utilizing tools like AI-based analytic solutions can play a crucial role in ensuring data is used globally as per business needs, eliminating the need for multiple instances of data repositories to be secured. This empowers the Information Security team with more control over the data. The ability to answer questions like what data is required, where it is located and who has access to it is becoming increasingly vital, especially given the evolving data localization laws.
“There is a constant need for technical information security practitioners who are committed to staying updated with technology and the resulting risk evolution.”
We have all seen in the press how “hackers” are adding GenAI's capabilities to their toolbox, resulting in exponentially sophisticated attacks. That same technology will be a key tool for Information Security teams, allowing more sophisticated and accurate threat detection, analysis of data/traffic patterns and identification of shadow copies of data.
There is a constant need for technical information security practitioners who are committed to staying updated with technology and the resulting risk evolution. Every day, innovative ways to integrate solutions (such as GenAI) are being defined. The challenge of how to best secure these solutions will continue to grow, necessitating Information Security practitioners to keep pace with what is possible and how. Information Security teams can leverage AI solutions to monitor for abnormalities.
If your company can give consent for this, can you share your experiences from one of the projects that you were recently involved in?
Approximately two years ago, Quidel Corporation completed its acquisition of Ortho Clinical Diagnostics, creating QuidelOrtho. You can imagine the volume of work required to integrate every aspect of these companies, including the Information Technology/Information Security team.
We combined two firms with two different cultures, customer bases, operational processes and IT footprints that needed to integrate to provide the best service to our customers and patients globally. Very early on, I found myself assuming I knew the answer regarding how best to secure specific areas of the business as they consolidated. It became apparent I was alone in thinking I knew it all, as others did not line up behind me.
I woke up, realized what I was doing, and I stopped forcing issues. I started taking the time to better understand and redefine success as well as the changing roles and responsibilities across the combined organization. Time was dedicated to building new teams and cultural norms. Taking the time to focus on the people enabled me to then align the team on evaluating the risks that existed in this new organization, recommendations for mitigation and the impact of doing nothing. Through this collaborative process, we gained alignment, as well as transparency and trust, and I learned a valuable lesson about leading through change.
While change is constant the relationships we’ve built going through the process are strong. Today, our alignment is simple and direct. We can collectively focus on how to balance business requirements with the changing threat and regulatory landscape. And due to the trust we’ve built, we can move fast.
What are some of the challenges in your business that current services are unable to provide an optimal solution?
I think everyone with a manufacturing footprint has IT assets somewhere that are critical operations yet out-of-date. As threats change, these dated assets can pose vulnerabilities. Lifecycle management of all IT-related assets, regardless of purpose, is a continuing challenge.
The same can be said for products. It is common for it to take three years from idea to U.S. Food and Drug Administration approval for a product. During that timeframe, security issues that need to be remediated can be identified. The challenge is to maintain the security of our environments/products when something akin to the normal patching cycle is not possible.
What advice or recommendations would you offer to professionals in roles similar to yours, working in Information Security across different companies, regarding best practices and actions?
Create a strong, open communications channel across your organization. Information Security can be a complex topic to dive into occasionally with peers, leaders and business partners. Use every opportunity to educate your company about what specific risks or issues will affect your business and why they should care. Also, create a formal structure to update Executive Leadership with a frequent cadence. With the speed at which technology, regulations and threats move, executives must be fully informed of changes and recommendations for risk mitigation.
In the realm of Information Security, is there a technological development that you find most captivating, and could you provide insights into why it holds particular excitement for you?
I think like many others; I am intrigued with the potential of AI. Yes, there will be a huge benefit for Information Security teams as this capability is integrated Information Security technologies and processes. What I find even better is the integration of a security mindset directly into business-focused technologies. For example, integrating AI into software developers’ tools can help the developer make more secure code, or integration into data modeling tools can add levels of data protection without manual overhead, and employee authentication infrastructures could become more secure without adding more user interactions.